Among the various rights comprehensively stipulated, the Civil Code allocates a standalone chapter with eight articles dedicated to privacy rights and personal information protection.
In addition to emphasising the protection of privacy rights and how an employee’s personal data may be processed, the Civil Code’s scope defines the use of employee surveillance activities and infringement on employees’ rights outside the workplace.
On 28 May 2020, the Civil Code of the PRC (the Civil Code) was promulgated and took effect on 1 January 2021. The Civil Code will affect the HR activities of businesses operating in mainland China, as it is inevitable for employers to obtain employees’ personal information. It could even conflict with employees’ rights to privacy when the rights of employment management is exercised.
Definition of privacy
According to Article 1032 of the Civil Code, privacy is a natural person’s private life peace, as well as private space, activities, and information that they do not want to be known by others. No organisation or individual may infringe upon the right to privacy of any other person by spying, invading personal space, harassing, disclosing or publishing personal information, or by any other means.
Typical infringement acts
Article 1033 enumerates some of the typical acts regarded as infringements to privacy. Unless otherwise prescribed by the law or specifically agreed to by the right stakeholders, the following acts are not allowed to be carried out by any organisation or individual:
Disturbing the private peace of others by means of telephone, text messages, instant messaging tools, e-mails, leaflets, etc.;
Entering, taking pictures of, or peeping into others’ houses or hotel rooms or other private space;
Taking pictures of, peeping into, eavesdropping on, or making public the private activities of others;
Taking pictures of or peeping into any private part of another person’s body;
Dealing with the confidential information of others; or
Infringing upon the right to privacy of others by other means.
Given the Civil Code’s scope, there might be new changes that may cause conflicts between an organisation’s employment management rights and the employees’ privacy rights.
Where do the rights to privacy disputes usually arise?
In practice, privacy right disputes between employers and employees mostly occur in three periods – recruitment, employment, and postemployment. Examples of potential disputes that may arise in these periods include:
According to Article 8 of the Labour Contract Law of the PRC, an organisation has the right to know the employee’s basic information, which is directly relevant to the employee’s labour contract. The employee is obliged to disclose such information.
In practice, during the recruitment period, some companies tend to collect personal information from job seekers, such as their marital status, fertility status, and whether they are carrying an infectious disease. However, where the job seeker discloses such information to the company during the recruitment process, but fails to be employed by the organisation, it could be exposed to the risk of employment discrimination.
During the employment period, for the purposes of managing the office, enhancing work efficiency, and protecting a company’s commercial secrets, the organisation may install monitoring equipment in the office area. Companies may also use background monitoring of office software used by employees, check employees web browser data, and track the movement of employees who are out of office for business purposes. Furthermore, organisations may secretly investigate an employee’s illness where the company doubts the authenticity of the employee’s sick leave application.
For companies that require their employees to keep commercial secrets strictly confidential or to take noncompetition responsibilities, it is common for them to seek and collect evidence that responsibilities are being adhered to by conducting secret investigations. Such behaviour may be necessary for an employer to exercise its employment management rights, or to be conducive to the handling of emergencies. However, such behaviour can lead to conflicts between the company’s employment management rights and the employee’s privacy rights.
Developments in information technology now facilitate greater information sharing and communication among people and among companies. To ensure employment stability, organisations usually prefer to choose suitable and compliant job seekers as their employees. It is understood that an “industry blacklist” is shared among companies to maintain standards.
In addition to basic personal information, the blacklist can include details about an employee’s resume, employment history, and labour dispute history. The blacklist may vaguely label an employee as “unqualified”. This type of industry blacklist could potentially result in a privacy dispute because of its potential to hinder a jobseeker’s attempts to seek employment.
Balancing employment management needs and employee’s privacy rights
As a newly enacted law, the Civil Code introduces innovation in system, style, and content – which will inevitably raise questions during its application and need a great deal of judicial interpretation to evaluate the details. At present, it is important for organisations to understand the boundaries between its employment management rights and employees’ privacy rights. In past judicial practices, the court mainly took into consideration the influence of infringement on an employee’s rights and the infringer’s subjective malice; however, after the promulgation of the Civil Code, courts can be expected to examine more aspects of infringement issues. For example, Article 998 of the Civil Code stipulates that, in determining an infringer’s civil liability for infringing upon personal rights (other than the right to life, right to body, and right to health), such factors as the occupations of the infringer and the victim, scope of influence, degree of fault, as well as the purpose, method, and consequences of the act shall be considered. This article is also applicable to privacy right infringement.
Based on this Article, if there is an employment subordinate relationship between parties, the regular criteria in determining privacy right infringement are no longer applicable. “Taken into consideration the occupation of the infringer and the victim” could be interpreted as “taken into consideration the occupational subordination relationship between the tortfeasor and the victim”. Under an employment subordinate relationship, it is improper to unilaterally emphasise employers’ employment management rights, or employees’ privacy rights. Instead, both parties should realise there are boundaries to their rights and the employee shall waive certain privacy rights to ensure a balance between the employer’s employment management rights and the employee’s privacy rights.
To avoid privacy rights-related disputes, companies should review their employment-related documentation processes and ensure the three-pronged principles of legitimacy, reasonableness, and consent are strictly followed.
There are several points to be considered when determining whether the company executes its employment management rights in a way that is not infringing employees’ privacy rights.
Whether it is “legitimate” is the most basic requirement. When making its internal management rules and policies, the company shall ensure such rules and policies are compliant with current applicable laws and regulations. For instance, it is illegal to include content, such as “employee voluntarily waived his/her private rights”, in a company’s Staff Handbook. During the recruitment interview, questions about a female interviewee’s marital and birth status must be strictly compliant with the Notice on Further Regulating Recruitment Practices to Promote Women’s Employment; physical examination of an employee’s infectious disease antigen carriage condition must comply with Opinions on Safeguarding the Employment Rights of Hepatitis B Surface Antigen Carriers.
The cornerstone of Article 998 of the Civil Code, “reasonableness” requires organisations to cautiously exercise their employment management rights. If the employees waive some of their rights, it does not entitle a company to expand its rights without any limitations.
In practice, the company should always keep to the principle of “minimum damage”. For example, in collecting an employee’s personal information, the organisation shall not ask the employee to disclose information that does not closely relate to the employment requirements – such as their marital status, birth plans, or financial status. When it comes to software usage monitoring, the scope shall be strictly limited to the software directly related to work. Any surveillance equipment should only be installed in the office area and not in nursing rooms, dressing rooms, or bathrooms.
“Consent” means where a company’s employment management rights may infringe an employee’s privacy rights, the organisation shall give the employee a detailed explanation in advance and require his/her consent in writing. The Civil Code gives more emphasis to the protection of privacy rights, and it will have a profound impact on the employment management behaviour of employers.
Note: The information contained herein is intended
to be a general guide only and is not intended to
provide legal advice. This journal, its publisher and
the HKIHRM do not assume any legal responsibility
in respect of any comments provided in this article,
which do not constitute legal advice and should
not be taken or construed as such. Independent
professional legal advice should be sought as
necessary in respect of legal matters and issues
raised in this article.